Lucene search
K

75 matches found

Amazon
Amazon
added 2026/01/05 12:0 a.m.7 views

Important: ecs-init

Issue Overview: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is...

7.5CVSS6.8AI score0.00585EPSS
Exploits1
Amazon
Amazon
added 2025/08/08 12:0 a.m.4 views

Medium: ecs-init

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/30 12:0 a.m.4 views

Amazon Linux 2 : ecs-init (ALASECS-2025-074)

The version of ecs-init installed on the remote host is prior to 1.96.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-074 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References6
Amazon
Amazon
added 2025/07/30 12:0 a.m.6 views

Medium: ecs-init

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.9AI score0.0056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.10 views

Amazon Linux 2023 : ecs-init (ALAS2023-2025-1015)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1015 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum...

7.8CVSS6.3AI score0.00275EPSS
Exploits1References4
Amazon
Amazon
added 2025/06/11 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

6.5CVSS7.2AI score0.00478EPSS
Exploits0
Amazon
Amazon
added 2025/06/11 12:0 a.m.8 views

Medium: ecs-init

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

7.8CVSS7.1AI score0.00275EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.5 views

Amazon Linux 2 : ecs-init (ALASECS-2025-067)

The version of ecs-init installed on the remote host is prior to 1.93.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-067 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where...

7.8CVSS6.4AI score0.00275EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.6 views

Amazon Linux 2 : ecs-init (ALASECS-2025-065)

The version of ecs-init installed on the remote host is prior to 1.94.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-065 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...

6.5CVSS7.5AI score0.00478EPSS
Exploits0References4
Amazon
Amazon
added 2025/06/10 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

6.5CVSS7.7AI score0.00478EPSS
Exploits0
Amazon
Amazon
added 2025/06/10 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

6.5CVSS9.6AI score0.00478EPSS
Exploits0
Amazon
Amazon
added 2025/06/10 12:0 a.m.4 views

Medium: ecs-init

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

7.8CVSS7.7AI score0.00275EPSS
Exploits1
Amazon
Amazon
added 2025/06/10 12:0 a.m.7 views

Medium: ecs-init

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

4.6CVSS7.4AI score0.00275EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Medium: ecs-init

Issue Overview: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are...

5.3CVSS7.2AI score0.01328EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Medium: ecs-init

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init...

5.3CVSS8.4AI score0.00856EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.5 views

Amazon Linux 2 : ecs-init (ALASECS-2025-050)

The version of ecs-init installed on the remote host is prior to 1.89.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-050 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as...

3.6CVSS6.7AI score0.00317EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Amazon Linux 2 : ecs-init (ALASECS-2025-051)

The version of ecs-init installed on the remote host is prior to 1.75.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-051 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures...

5.3CVSS7AI score0.01328EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.7 views

Medium: ecs-init

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...

5.3CVSS6.9AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Medium: ecs-init

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init...

5.3CVSS7.3AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Low: ecs-init

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

3.6CVSS6.7AI score0.00317EPSS
Exploits0
Rows per page
Query Builder